Dropbox Passwords

I tend to pay for a lot of subscription services. In fact, my friend Mark and I have enough of them between us that we needed not one but two episodes of our podcast just to talk about all of our subscriptions. Since the pandemic means I have nothing better to do with my time than sit around and think about things like how much money I spend on subscriptions, though, I’ve been thinking about which ones I might be able to do without, which ones I could swap for cheaper services, etc. to save myself a little bit of money each year. It often feels trivial to tack on yet another thing that costs $5 – $10 a month, but over the course of the year it adds up.

Enter Dropbox Passwords, a password manager built into Dropbox. In the past I’ve used Dropbox to sync passwords in conjunction with KeePassX, so having the same functionality built directly into the platform seemed nice. The fact that it’s a feature included with my Dropbox Plus plan and would save me from paying $80 a year for my current password manager is also a nice bonus. First I just had to put it through its paces.

Migration

Migrating to a new password manager is typically a fairly painless process. Every password manager I’ve ever used has given me the option to export my passwords to a variety of plaintext file formats. Naturally, having a plaintext file with all of your credentials is a terrible idea, but unless the machine you’re operating on is a digital cesspool it should be fine for the few minutes it takes to import the file somewhere else.

In my case, I exported a CSV and imported it into Dropbox Passwords. I initially got a message that there weren’t any accounts to import. I opened the CSV file and saw that some of the columns had weird headings and assumed Dropbox didn’t know what fields in the CSV mapped to which fields within Passwords. Their help documentation covers what’s needed:

The columns in your CSV file must be labeled so Dropbox Passwords knows how to import the information. Although Dropbox Passwords can recognize a range of labels, we recommend labeling them “Name”, “Password”, “Username”, “Notes”, and “URL”.

I updated the column headings to match the documentation above, and everything was fine.

Desktop Client

The desktop client for Dropbox Passwords is spartan to say the least. You get fields for:

  • Site Name
  • Username
  • Password
  • URL
  • Notes

That’s it. In other password managers, I frequently leverage either additional passwords or custom fields to add things like app passwords, API keys, etc. While I could store those in the free-form Notes field in Dropbox Passwords, the values aren’t masked out like they would be in other services with dedicated fields for this sort of thing.

After the initial setup where I logged in with my Dropbox credentials, the app gave me a “word list.” This PDF just had 12, random, English words on it. This serves as an extra security mechanism that I’ll touch on in the next section.

After the app was set up, it asked me to create a 6 digit PIN. That PIN is used to unlock the app if it times out due to inactivity. It’s worth noting that the browser extensions will not autofill login information is the application is currently locked; more on that later as well.

Mobile Apps

There isn’t too much to say about the mobile apps; they’re basically exactly what you would expect. It is worth mentioning that, at the time of this writing, there’s no iPad version of the app, meaning I’m stuck looking at the blown-up iOS app. It’s not a huge ordeal, though, because aside from logging in initially I almost never open the app itself. Like every other password manager, iOS can be configured to automatically get passwords out of it without requiring an app switch. It also integrates with Face ID and Touch ID on iOS for quick unlocking.

Multi Factor Authentication

Dropbox Passwords automatically implements a sort of MFA. When I logged in to the app on my phone, for example, it gave me a prompt on the desktop client. I had to accept the prompt there to confirm that I was, in fact, trying to configure the app on a phone. Likewise, when I configured the app on my iPad, I received a prompt on both my laptop and my phone.

This is where you might wonder what happens if I don’t have any of those other devices handy. In that case, I can use the word list to log in. I actually ended up doing this one time, and it worked without a hitch. What happens if I also lose the word list? Let’s hope I never find out. It’s nice to know, though, that despite the fact that the content is tied to a Dropbox account, Dropbox account credentials alone aren’t enough to access it.

Browser Extensions

You might wonder why I talked about desktop and mobile clients, switched gears to authentication, and then came back to a “client.” The reason is that the browser extensions are literally just a wrapper that provides integration with the desktop app for things like autofilling credentials. For example, clicking on the Dropbox Passwords extension icon in Safari on macOS doesn’t even open a UI for the extension… it pops open the full Dropbox Passwords client. I see this frequently when nothing autofills in my browser, I click on the icon for the browser extension, and then it opens the full app where I see it requesting my PIN to unlock it.

The reason why wrapper browser extensions are noteworthy for me is that there are no standalone extensions or even direct web access. If Dropbox Passwords doesn’t have a client on your platform of choice, you’re simply out of luck. For example, I can’t access my passwords when using Manjaro Linux on my Pinebook Pro. I verified this by installing the browser extension; clicking on it will bring me to a lovely message that the application isn’t available for my platform.

Where this seems really insane to me is that if I log into my Dropbox account on the web I can see the vault for Dropbox Passwords! But clicking on it gives me the same screen as shown in the image above.

I can’t actually do anything to access it. Even just some kind of web portal like I can access with Bitwarden, LastPass, or 1Password would be better than nothing. I can definitely understand not making a native Linux app a priority, but not having a browser extension or web access in 2020 blows my mind more than a little.

I really hope this is something the Dropbox Passwords team is actively working on. While the overall service isn’t quite as slick or polished as some of its competitors, the fact that it comes included with paid Dropbox Plans is a huge boon; people like myself will have to think twice about paying extra money for a service they already have included with their existing Dropbox subscription. There are some hurdles to overcome for Dropbox Passwords to reach parity with its competitors, but for many people it’ll be good enough as-is.

Note-Taking With Notable

The Others

I’ve struggled for years with finding a good, reliable, and simple note-taking application that fit my needs and didn’t lock me in to a particular platform. When I started my career, I was using Evernote for handling my notes at work. At the time, the free version of Evernote was pretty solid which was good because I didn’t have the money to be spending on notes. After a few years, however, Evernote apparently decided that not enough people were paying for the premium version of the product; as a result they crippled the free version. The free version had previously been limited to the amount of data you could sync in a month, and that alone seemed reasonable. They added on to this by limiting the number of devices which could connect to an account. Since having my work laptop, personal laptop, and phone all connect was no longer an option, I decided to look for something else.

At the time, nothing else really stuck out to me. I was working in a very Microsoft-centric environment and was managing Office 365 at the time a fairly new service. I opted to use OneNote since it would integrate in to Office 365. I almost immediately hated pretty much everything about OneNote, from the appearance, to how shitty the web app was at the time, to how poorly it would index and search my notes. However, I stuck with it for years because 1.) it was able to import my years of existing notes from Evernote and 2.) intertia made it easy to stay with a product (even if I strongly disliked it) because it meant I didn’t need to invest my time in anything else.

When I finally switched to a new job about a year ago, though, I decided it was time for a fresh start with my notes. I was working in a new role that meant my years of previous notes were no longer going to be nearly as important to me as they were. In the rare instance I needed one, I could easily pop open the OneNote (finally improved) web app and find it; I didn’t need to worry about importing those notes into another system for daily use. Since the job change also marked a change in switching from Windows to macOS for work, I originally started off using Apple Notes. I rather like Apple Notes in that it’s simple, fast, lightweight, and it syncs nicely between my MacBook, iPhone, and iPad. However, I quickly found that being locked in to Apple’s ecosystem for my notes wasn’t exactly what I was wanting. For example, while there’s a web app for Apple Notes, it’s clunky and slow. This means accessing my notes from my personal laptop running Linux is a painful experience. Likewise, what if I stopped using Apple products in the future? It makes no sense to be locked in to a particular hardware vendor when it comes to something as ubiquitous as note-taking software. While I still use Apple Notes occasionally for quick, personal notes that I’m only accessing from my phone, I didn’t want to continue using it as my primary note-taking application.

Since I was already an avid Dropbox user and had been for many years, I decided to give Dropbox Paper a try. I was initially drawn to it since it seemed like it was basically Markdown, the markup language I perfer to write things in. In fact, all of the posts for this blog are created in Markdown and compiled through Hugo. In reality, though, the syntax wasn’t exactly Markdown but a weird mix where some pieces of Markdown had been cherry-picked (e.g. bold, italics) while others were ignored (e.g. hyperlinks.) Being that the files were created with a .paper extension also meant they weren’t Markdown files I could directly edit with something else in a clean manner; I was locked in to Dropbox. What if I wanted to change my cloud storage to something different, which could very well happen if ProtonDrive lives up to my expectations when it releases.

This is when I started to realize that what I really wanted was something that would allow me to easily work with Markdown but that would leave vanilla Markdown files on my system. These files could be synced through whatever means I wanted to use, be in Dropbox, ProtonDrive, iCloud, or anything else; I didn’t want to be dependent upon a particular sync mechanism. Likewise, I needed the files to be Markdown so that I wasn’t dependent upon a particular application, either. I’ve discussed before how I love having all of the posts on this site saved as Markdown because it means that I can (and have!) moved them quickly and easily between different websites. I wanted to have the same flexibility with my notes.

Notable

The Good

I did a quick search for note-taking applications that deal with Markdown, and one of the first results I got was Notable. Almost immediately it seemed to fit the bill. It was a simple, lightweight application that dealt with Markdown files. When a file is open in edit mode, I see all of the Markdown syntax I know and love. When I save a file, the Markdown is rendered for easy consumption. While I don’t get a live-preview like I do with Atom, I think this is a much more elegant setup for note-taking and reference.

It’s important to note, pun not intended, that the name for “Notable” gives away the fact that it is focused on notes in particular. When I was discussing my attempts to find a good Markdown editor for my notes, a friend of mine shared with me an episode of the Mac Power Users podcast focused on Markdown. While they list a lot of options (with an obvious focus on software for Apple products), many were not note-specific; some were just Markdown editors. For example, Byword looks cool but seems to be much more focused on a minimalist writing experience than on a note-taking experience. While I could use something like that and simply search through my notes with grep from the CLI, if I wanted to do that I would just use Vim or Atom as my editor and be done with it. I was really looking for something that would allow me to easily categorize and search my notes. Notable does this through tags which can be applied to each of my notes. Tags are used as an organization method; with them it’s easy to then do a text search across the content of either all of my notes or on just the notes with particular tags applied.

All of the notes created in Notable are .md files that live in a directory I choose. At the moment, that directory is inside of my Dropbox folder. This is especially cool for a couple of reasons. First off, Dropbox can render Markdown files. So if I just need to reference one of my notes from another device, I can simply go through Dropbox on the web, open the file, and reference all of my notes. I just have to know the name of the file since the tags are not readily accessible or searchable outside of Noteable. All of that information is stored as metadata at the top of each .md file.

The Bad

While using Notable has been working well for me after about a month, there are a couple of things that could be better. The immediate problem is that there isn’t any type of mobile app, and even if there were a mobile app I don’t know exactly how it would continue to sync since Dropbox isn’t keeping my files directly on my iPhone and iPad the way that it does on my MacBook. I think the design of Notable would need to be fundamentally changed, and suddenly integration with cloud storage would need to be done at the application level rather than the filesystem level. I don’t think that’s a good solution. Similarly, I also don’t really want to be authoring a bunch of Markdown content on my mobile devices, either. Most of the notes I’d be using on my phone are more personal (e.g. my grocery list) and those I continue to use Apple Notes for. In the instance I need to view some notes from Notable on my mobile device, that’s where opening them from Dropbox and rendering the Markdown works rather well.

Notable itself exists on a wide array of platforms. While it’s fairly simple to install on macOS or Debian-based Linux, I haven’t installed it yet on my Manjaro Linux laptop where it would be available via the AUR. I didn’t see the point since on this machine I haven’t installed Dropbox, either, and that’s where all of the notes are. On this machine, however, I mainly only need to reference blog-specific notes; for those I’m typically just once again opening the files from Dropbox on the web. In the instance that I want to edit a note, I can use Dillinger for that to edit the files directly in Dropbox from the cloud. In another life, I made heavy use of Dillinger for authoring blog posts for WordPress via Markdown; this was back when WordPress had support for authoring content in Markdown but didn’t support it in their editor.

In very rare cases I’ve wanted to create a new note in Notable but didn’t have access to my MacBook. In that case, from Dropbox I can simply copy an existing note, manually update the metadata to apply the appropriate tags, and then make whatever notes I need. I’ve verified in a few occasions that this seems to work without a hitch, though I suppose it’s possible to mess something up in the metadata if you really farkle it up.

Overall, the downsides I’ve enumerated here are more minor inconveniences than serious issues. I am curious how well the application will scale; right now I have a few dozen notes saved and everything is snappy. If I reach the same number of notes that I had in OneNote, though, I’m curious how quickly things like searching and swapping between notes will continue to be. The good news, though, is that since I’m not really locked in to Notable given that the files are just Markdown, if there are any problems in the future it shouldn’t be too terribly difficult to switch to something else or just work with the files directly if I can’t find a better solution.

If you’re comfortable with Markdown and the idea of controlling your notes without being locked into a particular application for editing and syncing them is important to you, then I would highly recommend checking out Notable. I’m extremely pleased with it right now, and for the low cost of free there’s really no reason not to give it a shot. It’s worth mentioning that while Notable was originally open source, that’s no longer the case. While I’d personally prefer if it was open source, it’s not a dealbreaker for me.

Enabling Legacy Status Icons In Pop!_OS

As we mentioned back in Episode 6, I had installed Pop!OS on my desktop. The design of the Pop!_OS interface is very streamlined and minimal to allow you to focus on things without as many distractions as you’ll frequently see in competing operating systems. That’s pretty awesome, but sometimes I want distractions… namely the ones I get by seeing which applications I have up and running in the background. As you’re probably used to seeing, applications like Dropbox and Discord will drop a small icon somewhere in your OS to let you know the applications are running. For example, by default they’ll appear in the bottom right corner of the screen in Windows and at the upper right corner in macOS which is right next to the clock. In Ubuntu, which Pop!_OS is based on, they’ll also show up next to the clock in the upper-right corner of the screen.

I could live without a Discord icon, but I really wanted one for Dropbox; it’s useful to see the icon change based on the sync status of the service. I did a little bit of digging, and the most challenging part was honestly what search terms to use in order to find the information for which I was hunting. Luckily, it didn’t take long for me to find the official documentation on the matter.

“Ubuntu and previous versions of GNOME Shell supported “status icons” or “AppIndicators” where installed apps could add arbitrary icons to the shell. In GNOME Shell 3.26, this functionality was removed in favor of other APIs.”

The issue isn’t that Pop!_OS doesn’t support status icons, but that it doesn’t support legacy status icons… at least not out of the box. The application gnome-shell-extension-appindicator from the standard repositories will fix this, though. Just install it via:

sudo apt install gnome-shell-extension-appindicator

Once it’s installed, launch it with:

gnome-shell-extension-prefs

Then turn on KStatusNotifierItem/AppIndicator Support. Boom. Okay, not boom. I had to log out and back in first, as noted in the documentation. After that, though, I was able to see my Dropbox icon in all its glory.

Worth it. Stay pink!

Unusually Pink Updates: Dropbox, Password Managers, and Ad Blocking

This will be one of those weird amalgam posts featuring multiple only mildly-related topics but which are too short to be a post in their own right. I though it would be helpful to provide some updates on a few things that Brandi and I have talked about in some of our past episodes. They’re all tech-related… but you already know that from reading the title.

Dropbox Upgrades and Price Increases

On June 1st, Dropbox added more features to their Plus plan. I’ve been a Plus customer for a couple of years now. It’s less of a “I need to pay for the extra space” situation and more of a “I store some important shit in here and this gives me more peace of mind” situation. The main features from the upgrade, according to the email they sent me, are:

“Double your storage—save everything with 2 TB (2,000 GB).
World-class sync technology—move out-of-date files off your computer’s hard drive and to the cloud with Dropbox Smart Sync.
Dropbox Rewind—roll back accidental changes to any folder, or your entire account, up to 30 days.”

The extra storage is nice, though suffice to say it’s not exactly something I need.

Rewind seems really nice, though. I store a lot of PowerShell scripts in Dropbox, so I could see rewind being useful if I accidentally break one or need to snag an older version for some reason. While I’ve recently been making an effort to check in my bigger, more important scripts with Azure DevOps for version control, smaller ones that I’m the only person likely to use still just go into Dropbox.

Things aren’t all roses and unicorns, though, as the added storage and features come at a cost: $2 USD more per month. This bumps the monthly price up to $12 USD. The good part is that if you go with yearly pricing, you save that $2 a month and pay $120 for the year. I’m actually still on monthly pricing despite having used the Plus service for a few years so I’ll need to move over for sure. While the bonus storage is available now the new pricing isn’t happening for me until July. So before early July I need to swap to yearly billing to avoid paying the extra couple of bucks.

Wired Password Manager Recommendations

In our last episode, Brandi and I spoke a bit about password managers. Right after we recorded that episode Wired published an article all about password managers. The timing seemed perfect to share it. Of the ones Wired recommends Dashlane is the only that I haven’t used. It also makes me feel good that my preferred password manager, 1Password, was Wired’s #1 recommendation.

Speaking of Wired, I love their content but always run into my 5 free articles per month limit. I just happened to see earlier today that they’re doing a deal where you can snag a year’s subscription for just $10. This includes the print editions plus digital content (normally $50 a year) or just digital if you don’t care about print (normally $30 a year.) I was fortunate enough to see it right when they posted to Twitter. I have no clue how long this is running for, but it seems pretty worthwhile if you’re a geek and like tech news. And no… we don’t get anything for promoting this. I just like Wired.

Browser Ad Blocking

Also from our last episode, we discussed how Google was initially thinking about making changes to the webRequest API that would essentially cripple ad blockers. Like we discussed in the episode, after those initial reports and backlash in January Google had backed off a little and said they would think through how this API update should work. At the end of May, though, it came to light that Google still plans to nuke the webRequest API pieces that allow current ad blockers to work… that is unless you’re a G Suite customer.

What’s worse is that these proposed changes seem to be in the open-source Chromium project. So unless Microsoft does some work on their fork, the Chromium-based version of Edge could also be impacted. Suffice to say this gives me some significant pause on my previously mentioned plans to buy a new Chromebook. I’m now re-evaluating what I should do for my laptop situation. And if you haven’t used Firefox Quantum recently, now might be a great time to check it out.